Re: [patch] [sg]etaffinity hooks

From: Stephen Smalley (sdsat_private)
Date: Tue Oct 08 2002 - 04:44:52 PDT

    On Mon, 7 Oct 2002, Crispin Cowan wrote:
    
    > Anticipating predictable rebuttal :) aside from processor affinity, have
    > we also closed all of the other trivial ways that a local user/process
    > can DoS a machine into the ground by consuming gobs of resources? Fork
    > bombing, consuming as much memory as possible, thrashing all levels of
    > cache and disk, flooding network connections, etc. I'm not convinced
    > that we even come close to preventing local DoS.
    
    I'd agree that preventing a local DOS is not a goal of LSM.  But the fact
    that setaffinity/getaffinity can set and get an element of state of
    another process means that you need to be able to control them to enforce
    any kind of mandatory access control policy, whether MLS or TE or ...
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    


